Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Home Page Redirects - all web browsers [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now we will reset both IE and Firefox.  But, first delete all shortcuts for them on your desktop
 
Firefox :

1.Click the menu button and then click help .
2.From the Help menu choose Troubleshooting Information. ...
3.Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
4.To continue, click Reset Firefox in the confirmation window that opens.

Internet Explorer :

1.Close all Internet Explorer and Windows Explorer windows that are currently open.
2.Reopen Internet Explorer.
3.Click the Tools button, and then click Internet options.
4.Click the Advanced tab, and then click Reset. ...
5.In the Reset Internet Explorer Settings dialog box, click Reset.
  • 0

Advertisements


#17
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
OK I tried this in both browsers and then did a reboot. It's still redirecting, other than that the computer seems perfectly functional.
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you delete your current copy of FRST and download an updated version then run a fresh scan

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#19
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Cassandra (administrator) on CASS on 17-04-2015 16:17:44
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [Google Update] => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-13] (Google Inc.)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [MusicManager] => C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\RunOnce: [Uninstall C:\Users\Cassandra\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cassandra\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {07d87e39-d45c-11e3-826e-008cfa761fe3} - "E:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {2f1a3d65-b359-11e3-8264-008cfa761fe3} - "E:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {6022d152-6dca-11e3-825b-008cfa761fe3} - "E:\TL-Bootstrap.exe"
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {e64b0112-a76b-11e4-828f-008cfa656578} - "E:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001 -> {991C6E33-7C35-4F2A-8089-BF1218486E0A} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.10.178 167.206.10.179 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\t0br9jd4.default-1429236470791
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cassandra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @talk.google.com/O1DPlugin -> C:\Users\Cassandra\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cassandra\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cassandra\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: Adblock Plus - C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\t0br9jd4.default-1429236470791\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-16]

Chrome:
=======
CHR HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-25] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 16:17 - 2015-04-17 16:18 - 00029543 _____ () C:\Users\Cassandra\Desktop\FRST.txt
2015-04-17 16:16 - 2015-04-17 16:16 - 02097664 _____ (Farbar) C:\Users\Cassandra\Desktop\FRST64.exe
2015-04-16 22:12 - 2015-04-16 22:12 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2015-04-15 19:52 - 2015-04-16 22:08 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-15 19:52 - 2015-04-15 19:52 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-15 18:15 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:15 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:15 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 18:15 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:15 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 18:15 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 18:15 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:15 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:15 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 18:15 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 18:15 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 18:15 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 18:15 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-15 18:15 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-15 18:15 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:15 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:15 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:15 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 18:15 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:15 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:15 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:15 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:15 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:15 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 18:15 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 18:15 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:15 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:15 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:15 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 18:15 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 18:15 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:15 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:15 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:15 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:15 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:15 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:15 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:15 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:15 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:15 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 18:15 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-15 18:14 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:14 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:14 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:14 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:14 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:14 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:14 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:14 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:14 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:14 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:14 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 18:14 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 18:14 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:14 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:14 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:14 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:14 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:14 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:14 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:14 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 18:14 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 18:14 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:14 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 18:13 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:13 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:13 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:13 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:13 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:13 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 15:51 - 2015-04-14 15:51 - 00001848 _____ () C:\Users\Cassandra\Desktop\sc-cleaner.txt
2015-04-14 15:50 - 2015-04-14 15:50 - 00459080 _____ (Bleeping Computer, LLC) C:\Users\Cassandra\Desktop\sc-cleaner.exe
2015-04-14 15:43 - 2015-04-14 15:47 - 00000000 __SHD () C:\Users\Cassandra\AppData\Local\EmieBrowserModeList
2015-04-01 14:05 - 2015-04-17 16:17 - 00000000 ____D () C:\FRST
2015-03-25 14:36 - 2015-04-16 22:07 - 00000000 ____D () C:\Users\Cassandra\Desktop\Old Firefox Data
2015-03-25 14:16 - 2015-03-25 14:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qodtydm.sys
2015-03-25 12:42 - 2015-03-25 13:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 12:41 - 2015-03-25 12:41 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-25 12:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 12:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 12:41 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-25 12:15 - 2015-03-25 14:17 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-25 12:14 - 2015-03-25 12:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-25 12:07 - 2015-03-25 14:16 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\Compete
2015-03-25 09:47 - 2015-03-25 14:17 - 00000000 ____D () C:\AdwCleaner
2015-03-25 09:16 - 2015-03-25 09:16 - 588193412 _____ () C:\Windows\MEMORY.DMP
2015-03-25 09:16 - 2015-03-25 09:16 - 00285040 _____ () C:\Windows\Minidump\032515-43015-01.dmp
2015-03-25 09:16 - 2015-03-25 09:16 - 00000000 ____D () C:\Windows\Minidump
2015-03-23 19:18 - 2015-03-23 19:18 - 00000000 ____D () C:\Windows\pss
2015-03-23 18:39 - 2015-03-24 13:31 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\LogMeIn Rescue Applet
2015-03-23 17:05 - 2015-04-14 10:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-23 15:19 - 2015-03-25 09:27 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Deployment
2015-03-23 15:19 - 2015-03-23 15:19 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Apps\2.0
2015-03-22 10:56 - 2015-03-22 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 16:16 - 2013-12-25 16:00 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3221937665-1828410790-1616708693-1001
2015-04-17 16:14 - 2013-12-25 21:25 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1CDF9DAB-02D4-4519-AA51-D9C15CB58813}
2015-04-17 16:13 - 2014-01-16 15:18 - 00000000 ___RD () C:\Users\Cassandra\Dropbox
2015-04-17 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-17 16:12 - 2014-05-04 10:32 - 00000000 ____D () C:\Users\Cassandra\Tracing
2015-04-17 16:12 - 2014-01-29 15:24 - 00000000 ___RD () C:\Users\Cassandra\Google Drive
2015-04-17 16:12 - 2014-01-16 15:15 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\Dropbox
2015-04-17 16:11 - 2013-12-25 15:58 - 00000000 __RDO () C:\Users\Cassandra\SkyDrive
2015-04-17 16:11 - 2013-09-30 07:49 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 22:23 - 2013-12-25 15:54 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Packages
2015-04-16 22:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-16 22:22 - 2013-09-30 07:35 - 01217389 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 22:12 - 2013-08-22 10:46 - 00050961 _____ () C:\Windows\setupact.log
2015-04-16 22:12 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 22:11 - 2014-07-15 08:45 - 00029976 _____ () C:\Windows\system32\wpbbin.exe
2015-04-16 22:11 - 2014-07-15 08:45 - 00017408 ____N () C:\Windows\SysWOW64\rpcnetp.exe
2015-04-16 22:11 - 2014-07-15 08:45 - 00017408 ____N () C:\Windows\system32\rpcnetp.exe
2015-04-16 22:11 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-15 19:52 - 2014-12-31 19:26 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 19:52 - 2014-07-15 08:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 19:51 - 2014-12-31 19:37 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001UA.job
2015-04-15 19:45 - 2014-03-24 09:45 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-15 19:45 - 2013-12-29 16:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 19:31 - 2013-09-30 07:49 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 19:27 - 2014-01-05 22:00 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\Apple Computer
2015-04-15 19:16 - 2013-12-27 00:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-15 19:16 - 2013-12-27 00:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 19:15 - 2013-12-29 01:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 19:12 - 2013-12-29 01:23 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 19:11 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-15 19:05 - 2013-08-22 09:25 - 00000304 _____ () C:\Windows\win.ini
2015-04-15 18:14 - 2013-12-25 21:27 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Google
2015-04-15 18:14 - 2013-09-30 07:49 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-15 18:13 - 2014-11-12 10:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 15:49 - 2014-12-31 19:37 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001Core.job
2015-04-14 15:44 - 2014-02-19 14:33 - 00339456 ___SH () C:\Users\Cassandra\Desktop\Thumbs.db
2015-04-14 15:43 - 2013-09-13 00:09 - 01133674 _____ () C:\Windows\PFRO.log
2015-04-14 09:06 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-14 09:03 - 2013-09-13 00:20 - 00885636 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 09:01 - 2014-01-16 15:18 - 00001087 _____ () C:\Users\Cassandra\Desktop\Dropbox.lnk
2015-04-14 09:01 - 2014-01-16 15:17 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-13 19:24 - 2014-12-31 19:29 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2014-12-31 19:29 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-31 08:26 - 2013-12-31 12:02 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CASS-Cassandra Cass
2015-03-25 11:58 - 2013-12-25 15:51 - 00000000 ____D () C:\Users\Cassandra
2015-03-25 09:21 - 2013-12-27 12:52 - 00000000 ____D () C:\ProgramData\WRData
2015-03-25 09:06 - 2014-04-03 09:07 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-25 08:51 - 2013-12-25 15:54 - 00001629 _____ () C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 08:50 - 2013-12-27 13:30 - 00001302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 08:45 - 2014-01-15 16:23 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\CrashDumps
2015-03-23 17:05 - 2014-07-28 10:28 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-03-23 17:04 - 2013-12-27 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-19 17:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2013-12-27 12:59 - 2013-12-27 12:59 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-09-30 07:25 - 2013-09-30 07:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-10 23:19 - 2014-10-19 15:12 - 0002790 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Cassandra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuh8wyv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 09:29

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Cassandra at 2015-04-17 16:18:45
Running from C:\Users\Cassandra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CogState Research (HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\CogState Research) (Version:  - CogState Ltd)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
G*Power 3.1.9.2 (HKLM-x32\...\{F9C59D86-6F65-4EDB-89A2-FBA1F78762D2}) (Version: 3.1.92 - Franz Faul, Uni Kiel, Germany)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{28981D56-C55A-4972-998F-823590FD43A2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mendeley Desktop 1.12.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.3 - Mendeley Ltd.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Music Manager (HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MusicManager) (Version:  - Google, Inc.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WJ III Normative Update Compuscore and Profiles Program (HKLM-x32\...\WJ III Normative Update Compuscore and Profiles Program) (Version:  - )
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.13 - HTC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Cassandra\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

19-03-2015 17:01:13 Scheduled Checkpoint
14-04-2015 08:54:19 Windows Update
14-04-2015 09:06:30 Restore Point Created by FRST
14-04-2015 15:41:23 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D7C5951-2155-4AAF-AF93-161BA109AA76} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-09-26] (TOSHIBA Corporation)
Task: {125938A1-DEAB-454C-94FC-51D66A38E6C4} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {12A0C33D-A16D-4CCA-9448-E7EA188D1E34} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {1B61D5D3-B83D-4C39-9EDE-016FDAAFCF58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {200A28D5-902C-4C7A-92AD-D886B03E7EE2} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-03-24] ()
Task: {2111B68A-1C6F-41F1-B29B-205EEF191843} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001UA => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {24CB3CDB-011F-4762-B4E3-7F986EFBB2C7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2A828686-D4AA-48BD-A3F5-10D19C3B5BB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39E8AF95-69DA-47E6-B4EF-412F7EEC5C1E} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5F48F718-195C-450B-AC05-59241C03A1A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {64473EC0-FDC7-49E4-948E-D9A25554B5E8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {7EAEB1AD-FCDC-4893-92A0-627ECB36BB03} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {881AC888-48E6-4445-B95D-3C6D11E89F80} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CASS-Cassandra Cass => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {A3847F5E-8B5D-4DB0-A9C4-0C7BF18BF262} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {A498683D-354F-41BC-BAB0-E21E01EFE213} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {B91FC938-7482-4A0A-9351-46FC3CFED95C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B9C2A2F8-3A39-4BBE-A0FF-6568B45C52CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C1A049EE-7026-4D94-A47C-913692EA39A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {D1812F75-BAFF-4E76-A591-2BBD1647216B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E93A35CA-B3DC-4700-B6E7-D3EB5F59521F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001Core => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F12EF677-6E0D-4723-9EAF-64DDEEA26E37} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {F763E4C1-3493-48D5-8D62-C027A1ADE922} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {F9B1FB6E-579C-4C54-8F63-4D8B4E79DF0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001Core.job => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001UA.job => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-02 20:24 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-25 11:11 - 2014-11-25 11:11 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-08-12 22:52 - 2013-08-12 22:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-12-28 16:17 - 2011-02-14 09:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2014-09-03 15:15 - 2014-09-03 15:15 - 10683392 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 07741952 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 01681408 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 02248192 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00117248 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00231936 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00253440 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00344064 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 00026624 _____ () C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-04-17 16:12 - 2015-04-17 16:12 - 00043008 _____ () c:\Users\Cassandra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuh8wyv.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2010-07-13 02:28 - 2010-07-13 02:28 - 00856064 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 02:13 - 2010-07-13 02:13 - 00033792 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 02:15 - 2010-07-13 02:15 - 00233472 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 02:22 - 2010-07-13 02:22 - 00020480 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 22:23 - 2010-04-02 22:23 - 00815104 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 02:16 - 2010-07-13 02:16 - 00118784 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 02:22 - 2010-07-13 02:22 - 00009728 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 02:26 - 2010-07-13 02:26 - 00018432 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 02:15 - 2010-07-13 02:15 - 00010240 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00008704 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00028160 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00011776 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 21:44 - 2010-04-02 21:44 - 00086016 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 02:29 - 2010-07-13 02:29 - 00143360 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 02:10 - 2010-07-13 02:10 - 00172032 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
2015-04-17 16:12 - 2015-04-17 16:12 - 00098816 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32api.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00110080 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\pywintypes27.dll
2015-04-17 16:12 - 2015-04-17 16:12 - 00364544 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\pythoncom27.dll
2015-04-17 16:12 - 2015-04-17 16:12 - 00045568 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\_socket.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 01161216 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\_ssl.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00320512 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32com.shell.shell.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00713216 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\_hashlib.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 01175040 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._core_.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00805888 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._gdi_.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00811008 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._windows_.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 01062400 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._controls_.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00735232 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._misc_.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00682496 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\pysqlite2._sqlite.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00128512 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\_elementtree.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00127488 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\pyexpat.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00087552 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\_ctypes.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00119808 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32file.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00108544 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32security.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00007168 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\hashobjs_ext.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00167936 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32gui.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00018432 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32event.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00038912 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32inet.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00011264 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32crypt.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00070656 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._html2.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00027136 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\_multiprocessing.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00020480 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\_yappi.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00035840 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32process.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00686080 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\unicodedata.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00122368 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._wizard.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00024064 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32pipe.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00010240 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\select.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00025600 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32pdh.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00525640 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\windows._lib_cacheinvalidation.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00017408 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32profile.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00022528 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\win32ts.pyd
2015-04-17 16:12 - 2015-04-17 16:12 - 00078336 _____ () C:\Users\Cassandra\AppData\Local\Temp\_MEI4402\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Cassandra\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 167.206.10.178 - 167.206.10.179

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dts_apo_service => 2
MSCONFIG\Services: FlashBeat => 2
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: lifotugo => 2
MSCONFIG\Services: LMIRescue_3abf2ba3-5eaa-4f31-b6fb-2c87e689ea15 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PsnZqIeQO => 2
MSCONFIG\Services: qrsvc_1.10.0.9 => 2
MSCONFIG\Services: rebebicu => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: todufesi => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: UniversalUpdater => 2
MSCONFIG\Services: Update digi docket => 2
MSCONFIG\Services: Util digi docket => 2
MSCONFIG\Services: WRSVC => 2
MSCONFIG\Services: xuhejygu => 2

==================== Accounts: =============================

Administrator (S-1-5-21-3221937665-1828410790-1616708693-500 - Administrator - Enabled) => C:\Users\Administrator
Cassandra (S-1-5-21-3221937665-1828410790-1616708693-1001 - Administrator - Enabled) => C:\Users\Cassandra
Guest (S-1-5-21-3221937665-1828410790-1616708693-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3221937665-1828410790-1616708693-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2015 04:15:05 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (04/17/2015 04:15:05 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (04/17/2015 04:12:54 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/16/2015 10:20:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/16/2015 10:17:46 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (04/16/2015 10:17:46 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (04/16/2015 10:13:50 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/16/2015 10:04:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (04/16/2015 10:04:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (04/16/2015 10:01:53 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)


System errors:
=============
Error: (04/16/2015 10:11:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Definition Update for Windows Defender - KB2267602 (Definition 1.195.3530.0).

Error: (04/16/2015 10:11:12 PM) (Source: DCOM) (EventID: 10010) (User: CASS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/16/2015 10:11:12 PM) (Source: DCOM) (EventID: 10010) (User: CASS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/15/2015 06:49:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Security Update for Windows 8.1 for x64-based Systems (KB3042553).

Error: (04/15/2015 06:15:41 PM) (Source: DCOM) (EventID: 10010) (User: CASS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/15/2015 06:15:41 PM) (Source: DCOM) (EventID: 10010) (User: CASS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/15/2015 06:15:37 PM) (Source: DCOM) (EventID: 10010) (User: CASS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/15/2015 06:15:37 PM) (Source: DCOM) (EventID: 10010) (User: CASS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/14/2015 03:42:16 PM) (Source: DCOM) (EventID: 10010) (User: CASS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/14/2015 03:37:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80.


Microsoft Office Sessions:
=========================
Error: (04/17/2015 04:15:05 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (04/17/2015 04:15:05 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (04/17/2015 04:12:54 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/16/2015 10:20:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/16/2015 10:17:46 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (04/16/2015 10:17:46 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (04/16/2015 10:13:50 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/16/2015 10:04:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (04/16/2015 10:04:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (04/16/2015 10:01:53 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)


CodeIntegrity Errors:
===================================
  Date: 2015-04-15 18:43:11.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-14 09:33:33.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-25 10:45:41.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 09:31:11.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-11 09:55:18.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Webroot\WRSA.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe that did not meet the Store signing level requirements.

  Date: 2014-12-01 10:05:24.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-25 10:03:11.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Webroot\WRSA.exe) attempted to load \Device\HarddiskVolume4\Program Files\HTC\ModeSelection\VMMModeSelection.exe that did not meet the Store signing level requirements.

  Date: 2014-11-25 10:03:11.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Webroot\WRSA.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe that did not meet the Store signing level requirements.

  Date: 2014-11-14 11:48:50.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-08 14:38:26.931
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 3975.27 MB
Available physical RAM: 2547.27 MB
Total Pagefile: 8327.27 MB
Available Pagefile: 6705.38 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:689.25 GB) (Free:615.43 GB) NTFS
Drive d: (NEBRASKA) (CDROM) (Total:4.21 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm a new one methinks...

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\Cassandra\AppData\Local\Temp\_MEI4402
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon avz.JPG
When the tool opens select "File" > "Standards scripts"
avz1.jpg

Place a tick in :


5. Update signature database

Then press "Execute selected scripts"
avz2.JPG

Once that has execute then
select "File" > "Standards scripts"
Place a tick in :

3. Advanced System Analysis with malware removal mode enabled


When finished look in the folder AVZ4 on your desktop
Open the LOG folder
Attach virusinfo_syscure to your next post
vz3.JPG
  • 0

#21
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

When running AVZ4  it keeps getting to the same point and the program crashes. During "3. Scanning disks" specifically it is getting stuck. Perhaps it is getting stuck or blocked by some aspect of the infection running in background? Should I try running it in safe mode? Also, thank you for all of this assistance.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Cassandra at 2015-04-17 17:11:22 Run:3
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Users\Cassandra\AppData\Local\Temp\_MEI4402
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"C:\Users\Cassandra\AppData\Local\Temp\_MEI4402" => File/Directory not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {D9B51D46-8050-4640-B86B-FB1796C7DDDF}.
Unable to cancel {8D7B5DD2-BB9D-4E48-9C1F-9F0C85683384}.
Unable to cancel {B2FC0BE7-3BDF-4CDF-A8F7-DCEF672385A0}.
0 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 384.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:12:00 ====


Edited by spappala, 17 April 2015 - 03:35 PM.

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Yes try safe mode please


  • 0

#23
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Attempting to run in safe mode, but getting the same result. Instead of saying "this program is not responding" the window just appears to close at the scanning disks phase. What shall I try next?


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have access to another computer where you could burn a programme to USB ?

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you?d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
    liveusb_ru.jpg
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Live%20boot%20screen.png
  • Use arrow keys to select DrWeb-LiveCD (Default)

    drwebselect.JPG
  • Press select objects for scanning

    drwebfolders.JPG
  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
    drwebscan.JPG
  • When it has completed

    drwebscancomplete.JPG
  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and attach the report here

  • 0

#25
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Having a bit of trouble getting the USB stick to load. This laptop is the first that I've worked on with UEFI. Does this drive have to be specially formatted to work properly?


  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I believe the latest version works for EUFI


  • 0

#27
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Thank you! Full scan is currently running and has about an hour remaining. I had to make a few adjustments to put the laptop into CMS boot mode and disable secure boot, then it was able to boot from the USB stick.


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Thanks for the update


  • 0

#29
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Wow it took quite some time to run, but finally finished. I was never given an option to open/save a report at the end, tried matching to your screenshot but the option simply was not there. The 20 or so files that were listed as infected and removed were all located in the farbar quarantine and the adwcleaner quarantine. No infected files were found elsewhere on the disk.


  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Where do the redirections take you to please, as that will provide a clue
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP